Cookies on our website

We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

Read more Close
Skip Ribbon Commands
Skip to main content
Sign In

Practices

 

Cybersecurity

Clients turn to us to manage legal risk in relation to the threat of cyber-attacks as well as when looking for response specialists to ensure they are resilient to cyber-attacks or other data breaches.

​Across our international network, our cyber security practitioners advise on all aspects of preventing and reacting to cyber breaches or data incidents. 

Computers, the internet, mobile devices and electronic transactions all play an important and ever-increasing role within the corporate environment, particularly for businesses with a strong online presence. 

But the continued growth of “cyber” technologies and the growing phenomenon of cyber-attacks pose significant risks to businesses.  Cyber attackers are often quick to spot the potential vulnerabilities of new technologies and to exploit them to commit civil and criminal offences (and to frustrate detection of those activities).  Risks include:

  • damage to reputation
  • business interruption
  • financial loss 
  • litigation 
  • costs
  • loss of IP and confidential information
  • regulatory sanctions. 

Cyber-security is about prevention of (and/or preparation for) cyber-attacks, but also about reaction once the risk has realised.  It requires an integrated approach across traditional security disciplines proactively to understand, detect and respond to advanced and evolving threats.  Our practice reflects this. 

Prevention 

The task of managing legal risk in relation to the threat of cyber-attacks has many different components.   

Our experience in preventing cyber and information breaches includes advising on:

  • Policies: including with respect to data security, data retention and destruction; privacy impact assessments and risk assessments.
  • Standards: including awareness and understanding of available standards and guidance (eg from BIS, ENISA, EC3, ISO and others).
  • Practices: including education and training programmes, employee monitoring (including ILP and other measures); and penetration testing.
  • Governance: including advising on appropriate structures and processes (eg with respect to service provider selection and management).
  • Contracts: including review and drafting of provisions concerning imposition of security standards (eg specifications, testing and rights to participate, certification, audits, training), governance and control (eg reporting requirements, step in rights, control of announcements and communications with authorities) and liability (eg force majeure, recoverable losses, insurance).
  • Insurance: including reviewing coverage especially exclusions.

Incident response

Allen & Overy’s cross-practice team of cyber-incident response specialists supports clients to ensure they are resilient to cyber-attacks or other data breaches which may impact them or their own client’s services. We act as a partner to make sure you can react quickly and effectively.

Our experience in reacting to cyber and information breaches includes advising on:

  • Coordination: Response coordination, including managing internal stakeholders and external vendors (eg forensic teams).
  • Communications: Advising on approach to, and facilitating, communications (eg with employees, clients, media, and others). 
  • Investigations: Assisting with investigations by law enforcement authorities and regulators (including the ICO), including preparation and review of reports. 
  • Civil remedies: Pro-active response and civil remedies (including Emergency Injunctions, Search Orders, Freezing Injunctions and Disclosure Orders).
  • Reporting: Advising on reporting obligations (eg to markets, insurers, counterparties, regulators).
  • “Wash up”: dealing with post-incident actions, including liaison with regulators, defence of civil claims and employee (eg disciplinary) issues. 

 

Find a lawyer


  • Expertise


  • Search Clear

Key people

Peter Eijsvoogel
Peter Eijsvoogel
Of Counsel
Netherlands
Telephone icon+31 20 674 1295
Send email
View officeView profile
Filip Van Elsen
Filip Van Elsen
Partner
Belgium
Telephone icon+32 3 287 73 27
Send email
View officeView profile
Nigel Parker
Nigel Parker
Partner
United Kingdom
Telephone icon+44 203 088 3136
Send email
View officeView profile
Mark Ridgway
Mark Ridgway
Partner
United Kingdom
Telephone icon+44 20 3088 3720
Send email
View officeView profile
Lawson Caisley
Lawson Caisley
Partner
United Kingdom
Telephone icon+44 20 3088 2787
Send email
View officeView profile
Philip Mansfield
Philip Mansfield
Partner
United Kingdom
Telephone icon+44 20 3088 4414
Send email
View officeView profile
Catherine Di Lorenzo
Catherine Di Lorenzo
Counsel
Luxembourg
Telephone icon+352 44 44 5 5129
Send email
View officeView profile
Victor Ho
Victor Ho
Partner
China and Hong Kong
Telephone icon+86 10 6535 4381
Send email
View officeView profile
Will McAuliffe
Will McAuliffe
Partner
China and Hong Kong
Telephone icon+852 2974 7119
Send email
View officeView profile
William E. White
William E. White
Partner
United States
Telephone icon+1 202 683 3876
Send email
View officeView profile
Jane Finlayson-Brown
Jane Finlayson-Brown
Partner
United Kingdom
Telephone icon+44 20 3088 3384
Send email
View officeView profile
Connell O'Neill
Connell O'Neill
Partner
Australia
Telephone icon+612 9373 7790
Send email
View officeView profile
Alexandre Rudoni
Alexandre Rudoni
Partner
France
Telephone icon+33 (0)1 40 06 50 34
Send email
View officeView profile
Simon Toms
Simon Toms
Partner
United Kingdom
Telephone icon+44 20 3088 4681
Send email
View officeView profile


  • Add comment (optional)